﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

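/// <summary>
/// Code-behind for the employee login page. Checks the submitted name and password
/// against INFO_EMPLOYEE, enforces the approval (CERTIFICATION) and single-session
/// (STATUS) rules, then fills the session and redirects to main.aspx.
/// </summary>
public partial class login_employee : System.Web.UI.Page
{
    /// <summary>
    /// Sends a visitor whose session already carries USERNAME to main.aspx;
    /// otherwise resets the login-related session keys.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["USERNAME"] != null)
        {
            Response.Redirect("main.aspx");
        }

        Session["USERNAME"] = null;
        Session["PASSWORD"] = null;
        Session["IDENTITY"] = null;
    }

    /// <summary>
    /// Handles the login button: authenticates the employee and, on success, signs them in.
    /// A failed credential check redirects to error_log.aspx.
    /// </summary>
    protected void button1_Click(object sender, EventArgs e)
    {
        string name = textbox1.Text;
        string password = textbox2.Text;

        // The connection is disposed on every exit path, including early returns and redirects.
        using (SqlConnection sc = new SqlConnection(ConfigurationManager.ConnectionStrings["wbkpt"].ConnectionString))
        {
            sc.Open();

            object storedValue = QueryEmployeeScalar(sc, "select EMPLOYEE_PASSWORD from INFO_EMPLOYEE where EMPLOYEE_NAME=@name", "@name", name);

            // An unknown user (null) or a NULL password column must never be treated as an
            // empty password: otherwise submitting an empty password would pass the comparison.
            bool authenticated = false;
            if (storedValue != null && storedValue != DBNull.Value)
            {
                // NOTE(review): the comparison implies passwords are stored in plaintext.
                // Moving to a salted, slow password hash needs a matching change wherever
                // the password is written, so it is flagged here rather than changed.
                authenticated = string.Equals(storedValue.ToString(), password, StringComparison.Ordinal);
            }

            if (!authenticated)
            {
                Response.Redirect("error_log.aspx", true);
                return;
            }

            int certification = Convert.ToInt32(QueryEmployeeScalar(sc, "select CERTIFICATION from INFO_EMPLOYEE where EMPLOYEE_NAME=@ename1", "@ename1", name).ToString());
            if (certification == 0)
            {
                // Not yet approved by the enterprise administrator, so login is refused.
                Page.RegisterStartupScript("ss", "<script>alert('您尚未通过企业管理员审核，暂时无法登录！')</script>");
                return;
            }

            int stat = Convert.ToInt32(QueryEmployeeScalar(sc, "select STATUS from INFO_EMPLOYEE where EMPLOYEE_NAME=@nameee", "@nameee", name).ToString());
            if (stat == 1)
            {
                // Each account may have only one user online at a time.
                Page.RegisterStartupScript("ss", "<script>alert('相同的销售用户已在线！')</script>");
                return;
            }

            // NOTE(review): the STATUS read above and the update below are separate statements,
            // so two simultaneous logins for one account can both pass the check.
            try
            {
                // Read the enterprise data before marking the account online, so that a
                // failure here does not leave STATUS=1 behind and lock the user out.
                string ename = "";
                string eid = "";
                using (SqlCommand com_getenter = new SqlCommand("select ENTER_NAME,ENTER_ID from INFO_ENTER where ENTER_ID=(select ENTER_ID from INFO_EMPLOYEE where EMPLOYEE_NAME=@name2)", sc))
                {
                    com_getenter.Parameters.AddWithValue("@name2", name);
                    using (SqlDataReader r = com_getenter.ExecuteReader())
                    {
                        while (r.Read())
                        {
                            ename = r.GetString(r.GetOrdinal("ENTER_NAME"));
                            eid = r.GetString(r.GetOrdinal("ENTER_ID"));
                        }
                    }
                }

                using (SqlCommand com_upline = new SqlCommand("update INFO_EMPLOYEE set STATUS=1 where EMPLOYEE_NAME=@namee", sc))
                {
                    com_upline.Parameters.AddWithValue("@namee", name);
                    ExecuteUnderSqlLock(com_upline);
                }

                // NOTE(review): the session identifier is not renewed at sign-in; issuing a
                // fresh session ID after authentication would guard against session fixation.
                Session["IDENTITY"] = "employee";
                Session["USERNAME"] = ename;
                // NOTE(review): the plaintext password is kept in session state. It is left in
                // place because other pages may read it; drop it once nothing depends on it.
                Session["PASSWORD"] = password;
                Session["EMPLOYEENAME"] = name;
                Session["ENTERID"] = eid;
                Response.Redirect("main.aspx", false);
            }
            catch (Exception ex)
            {
                // Never leave a half-populated session behind a failed login.
                Session["USERNAME"] = null;
                Session["PASSWORD"] = null;
                Session["IDENTITY"] = null;
                Session["EMPLOYEENAME"] = null;
                Session["ENTERID"] = null;

                // Record the failure instead of swallowing it silently; credentials are not logged.
                Trace.Warn("login_employee", "Login could not be completed", ex);
            }
        }
    }

    /// <summary>
    /// Sends the visitor to the employee registration page.
    /// </summary>
    protected void button2_Click(object sender, EventArgs e)
    {
        Response.Redirect("register_employee.aspx");
    }

    /// <summary>
    /// Runs a single-parameter scalar query keyed by employee name and disposes the command.
    /// </summary>
    /// <param name="connection">An open connection.</param>
    /// <param name="sql">Parameterized query text.</param>
    /// <param name="parameterName">Name of the query's only parameter.</param>
    /// <param name="employeeName">Value bound to that parameter.</param>
    /// <returns>The first column of the first row, or null when no row matches.</returns>
    private static object QueryEmployeeScalar(SqlConnection connection, string sql, string parameterName, string employeeName)
    {
        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            command.Parameters.AddWithValue(parameterName, employeeName);
            return command.ExecuteScalar();
        }
    }

    /// <summary>
    /// Executes a write while holding the application-wide "sqllock" flag, and always
    /// resets the flag to "unlock" afterwards.
    /// </summary>
    private void ExecuteUnderSqlLock(SqlCommand command)
    {
        AcquireSqlLock();
        try
        {
            command.ExecuteNonQuery();
        }
        finally
        {
            Application["sqllock"] = "unlock";
        }
    }

    /// <summary>
    /// Waits until the "sqllock" flag is free and claims it. The test and the set happen
    /// under Application.Lock so two requests cannot both claim the flag, and the flag is
    /// compared by value rather than by object reference.
    /// </summary>
    private void AcquireSqlLock()
    {
        // NOTE(review): the wait is unbounded and blocks the request thread, as before;
        // a flag left at "lock" by another page would stall every login.
        while (true)
        {
            Application.Lock();
            try
            {
                if (!string.Equals(Application["sqllock"] as string, "lock", StringComparison.Ordinal))
                {
                    Application["sqllock"] = "lock";
                    return;
                }
            }
            finally
            {
                Application.UnLock();
            }

            System.Threading.Thread.Sleep(2000);
        }
    }
}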